Chapter 5: Network security technologies Flashcards
Which systems are designed to monitor network traffic and other events, and look for anything suspicious that might indicate an attack?
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
What intrusion detection method examines traffic by comparison to a profile of how its protocol is supposed to work?
Stateful protocol analysis
Which intrusion detection method uses heuristic methods that look for behaviors which seem unusual relative to the normal baseline? It has the ability to identify zero-day attacks.
Anomaly based
What term refers to the combination of AAA systems with network segmentation and host-level security?
Network Access Control (NAC)
What is the term for appliances, hardware or software designed to transparently combine distributed services into a single virtual whole?
Load Balancing
Which load balancing technique moves the processing overhead associated with SSL or TLS encryption to another server or a hardware appliance with accelerated encryption features?
SSL acceleration
Which load balancing technique reduces the bandwidth required by some kinds of data traffic?
Data compression
Which load balancing technique monitors each server in the load balancing pool, then removes it if it fails?
Health checking
Which load balancing technique moves resource-intensive TCP services to different servers than those performing server application functions?
TCP offloading
Which load balancing technique is similar to QoS, and allows some traffic to be prioritized?
Priority queuing
Which load balancing technique allows the balancer to store frequently accessed content?
Content caching
Which load balancer configuration makes sure that incoming connections are spread evenly throughout servers without overloading any of them?
scheduling
Which load balancer configuration allows “sticky” sessions to enable traffic from the same user to go to the same server to maintain session integrity?
sessions
Which load balancer failover technique keeps all redundant servers active and sharing the load?
active/active
Which load balancer failover technique keeps multiple failover nodes on standby?
active/passive
Which proxy mediates communications between LAN clients and Internet servers? It requires client-side configuration, and is often used in small, heavily secured networks.
Forward proxy
Which proxy operates like a forward proxy, but doesn’t require client-side configuration?
Transparent proxies (also known as forced proxies)
Which proxy mediates communications between Internet clients and LAN servers?
Reverse proxies
Which proxy is hosted on the internet and masks the client’s original IP address from the server?
Anonymous proxy
Which tool combines multiple security functions into a single device?
Unified Threat Management (UTM)/Next-generation firewalls (NGFW)
Which monitoring tool can read packet headers to determine traffic patterns or view protocol information in depth?
Network analyzer (aka: packet analyzer or protocol analyzer)
Which monitoring tool can be used to find performance issues or detect unexpected traffic?
Bandwidth monitor
Which monitoring tool is a port on a switch or other network device configured to copy traffic on other links and forward it to a logging or analysis system?
Port mirror (aka: Switched port analyzer)
Which monitoring tool is a hardware device designed to perform port mirroring? It has an A port, a B port, and a monitor port
Network tap
Which tool combines input from port mirrors and taps across the network, then filters the raw data before feeding it into a monitoring system?
Traffic aggregator
Which monitoring tool receives, stores and preprocesses network monitoring data, especially in the context of NetFlow analysis? It might lie between a traffic aggregator and analysis software.
Collector
Which monitoring tool finds congestion, reception, and coverage area, and detects rogue APs?
Wireless analyzers
Which monitoring tool remotely manages network devices, but also gathers network information?
SNMP
Which monitoring tool is a central solution that actively monitors and reports on data collected by logging tools?
Security Information and Event Management (SIEM)
Which monitoring tool detects temperature, humidity, or electric power quality?
Physical sensor
In SNMP, which entity is described by SNMP software running on a managed device?
Agent
In SNMP, which entity is a software application used to manage agents?
Manager (aka: Network Management System NMS)
In SNMP, what is a unique number corresponding to a property that can be monitored on a single device?
Object Identifier
In SNMP, what is a database containing OIDs for managed devices, arranged in a tree-like hierarchical fashion?
Management Information Base (MIB)
Which version of SNMP is the most secure?
version 3
Which monitoring tool provides real-time traffic reporting? Devices (called flow exporters) identify network flows and send data about them to a centralized flow collector where it is processed and stored.
NetFlow
Which network analysis technique finds increases, decreases or predictable patterns?
Trend analysis
Which network analysis technique compares data to an established baseline?
Anomaly analysis
Which network analysis technique compares new data against known threats to find similar behaviors even without an exact threat signature?
Heuristic analysis
Which network analysis technique collects user behavior data and then uses it to recognize unusual actions that might represent a security incident?
User and entity behavioral analytics (UEBA)
Which network analysis technique uses text analysis and natural language processing to determine the emotional state of words and speech?
Sentiment analysis
Which technique uses synthetic network traffic that resembles genuine communications? It’s often used by distributed honeypots to emulate regular network activity and make decoy systems less suspicious to an attacker, but normal devices can also generate it in addition to their other communications.
Fake telemetry
Which technique intercepts DNS requests from malware and responds with deliberately incorrect data?
DNS sinkhole